![]() ![]() Yahoo has been vocal about the progression of its security program, starting with a post-Snowden ramp-up of its encryption efforts, the launch of a bug bounty in 2013 and the hiring of high-profile CISOs Alex Stamos and current chief Bob Lord, formerly of Twitter and Rapid7. “We have a comprehensive program for protecting our users that includes working with third parties to monitor for information of this nature, including law enforcement, private entities, and partners in our industry,” Tumblr’s spokesperson said. Tumblr does offer two-factor authentication for its account holders, and does have a dedicated security team inside of Yahoo. We have no reason to believe that this information was used to access Tumblr accounts.” To be more specific, the passwords were salted and hashed. “As noted in our blog, these passwords were hashed. ![]() Due to account and password reuse, we see a regular volume of attempted unauthorized activity on accounts,” Tumblr’s spokesperson said. “We have analyzed the set of Tumblr data, and have no reason to believe it was used to access accounts. Tumblr said it would not comment on where it found the email addresses and passwords for fear of providing too much visibility into its investigatory methods. “As a precaution, however, we will be requiring affected Tumblr users to set a new password.” Our analysis gives us no reason to believe that this information was used to access Tumblr accounts,” Yahoo said. “As soon as we became aware of this, our security team thoroughly investigated the matter. Yahoo, which acquired Tumblr for $1.1 billion in 2013, disclosed the situation Thursday on its Yahoo Paranoids blog. “This data is 3 years old, we don’t have forensic information from that time,” The spokesperson told Threatpost via email. “Most of Tumblr’s systems from that time have been retired, and important credentials have been rotated.” The spokesperson also would not confirm whether Tumblr had been breached. Yahoo has forced a password reset on Tumblr account holders after it discovered that someone had accessed email addresses, and salted and hashed passwords from early 2013.Ī Tumblr spokesperson would not disclose who had accessed the data, where it was found, nor how many email addresses were impacted and how many of those are still active accounts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |